What is Typosquatting? Typosquatting Definition and Examples of Typosquatting
What is Typosquatting?
Typosquatting is the practice of registering a domain name that closely resembles another website’s domain name. The term is coined from the word typo, which describes an unintentional mistake in the spelling of a word. In cybersecurity, however, the typo in the domain name is often intentional. Because these domain names are often registered with malicious intent, the registrants are commonly referred to as malicious actors or attackers.
Typosquatting Attacks
We know the most commonly used domains by heart. For instance, to log in to Facebook, we go to www.facebook.com. To use Google’s search engine, we go to www.google.com. To shop online on Amazon, we go to www.amazon.com. With these domain names in mind, the quickest way to visit a website is to type its domain into the browser’s address bar and hit the Enter key. This saves time compared with opening a browser, searching for the site, and picking it out of the search engine results. For instance, instead of searching for Amazon, we type amazon.com and go directly to the Amazon website. However, there is a problem with this approach.
You can easily make spelling mistakes while typing a domain’s full URL. Instead of typing amazon.com, you might type amazn.com and press Enter. Normally, browsers do not correct spelling mistakes, so a wrongly spelled domain name should return Error 404: This site can’t be reached. However, attackers know this and are prepared to exploit the errors.
A malicious actor (attacker) can register the domain www.amazn.com and create a website associated with it. The website can be designed to look like the legitimate Amazon website, or it can be modified to run a specific scam, such as a lottery scam, to harvest Personally Identifiable Information (PII). The website can also be configured to download malicious applications to the visiting device in order to run more advanced attacks on that device or on the network it is connected to. Other reasons to create the typo domain include marketing products, running fake surveys, and many more. Therefore, when you type amazn.com (instead of the intended amazon.com), you reach the typosquatting domain and are served the fake website.
Types of Domain Typosquatting
There are various ways malicious actors can 'typosquat' a domain. The common ones are:
1. Adding or omitting characters on a domain name
In our example above, an attacker omits the character /o/ to create the amazn.com domain. The same domain can be changed to amzon.com, amazoon.com, and many more. In another example, an attacker can add the letter /o/ to google.com to typosquat the Google domain with gooogle.com.
2. Adding hyphens to domains
Many common domains sound like two words. Domain names such as Facebook, Netflix, Walmart, and YouTube are a combination of two or more words. An attacker can use this to typosquat these domains by simply adding hyphens between the words. Therefore, facebook.com becomes face-book.com, youtube.com becomes you-tube.com, and netflix.com becomes net-flix.com.
3. Omitting the dot (.) after www
Domains often begin with the www. prefix. For instance, to open the YouTube domain, you can type www.youtube.com. However, attackers are aware of a common mistake where users forget to type the dot after www. An attacker will therefore typosquat the domain by registering a new domain, wwwyoutube.com, and creating a website for it. When a user mistakenly omits the dot and types wwwyoutube.com, the fake and illegitimate website is served to the user.
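The three patterns above can also be checked from the defender's side. The following is an added example, not part of the original article: it labels hostnames (for instance, taken from DNS or proxy logs) that match one of the three typosquatting patterns against a list of protected domains. The PROTECTED list, the function names, and the sample hostnames are assumptions built from the domains used on this page, and the code assumes simple two-label domains (name.tld).

```python
# Added example. PROTECTED and the sample hostnames are constructed from the
# domains used on this page. Assumption: two-label domains (name.tld).
PROTECTED = ["amazon.com", "google.com", "facebook.com",
             "youtube.com", "netflix.com"]

def _one_char_diff(short, long_):
    """True if removing exactly one character from long_ yields short."""
    return (len(long_) == len(short) + 1 and
            any(long_[:i] + long_[i + 1:] == short for i in range(len(long_))))

def classify(hostname, protected=PROTECTED):
    """Return (technique, legitimate_domain), or None when nothing matches."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    label, tld = labels[-2], labels[-1]      # ignore subdomains such as www
    if f"{label}.{tld}" in protected:
        return None                          # the genuine domain
    for legit in protected:
        name, legit_tld = legit.split(".")
        if tld != legit_tld:
            continue
        if label == "www" + name:            # type 3: wwwyoutube.com
            return ("missing dot after www", legit)
        if "-" in label and label.replace("-", "") == name:
            return ("hyphen added", legit)   # type 2: face-book.com
        if _one_char_diff(label, name):      # type 1: amazn.com
            return ("character omitted", legit)
        if _one_char_diff(name, label):      # type 1: gooogle.com
            return ("character added", legit)
    return None

def scan(hostnames, protected=PROTECTED):
    """Map each suspicious hostname to its (technique, legitimate_domain)."""
    hits = {}
    for host in hostnames:
        result = classify(host, protected)
        if result:
            hits[host] = result
    return hits

if __name__ == "__main__":
    # Constructed sample of hostnames, as might be pulled from DNS or proxy logs.
    sample = ["www.amazon.com", "amazn.com", "gooogle.com", "face-book.com",
              "wwwyoutube.com", "example.org"]
    for host, (technique, legit) in scan(sample).items():
        print(f"{host}: {technique} (looks like {legit})")
```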
To read more on typosquatting, its purpose, and how to protect yourself from typosquatting attacks, read our full article on typosquatting.